Quantum encryption keys obtained from a moving plane

A technical demonstration shows that an exchange with satellites is possible.

Here in the Ars science section, we cover a lot of interesting research that may eventually lead to the sort of technology discussed in other areas of the site. In many cases, that sort of deployment will be years away (assuming it ever happens). But in a couple of fields, the rapid pace of proof-of-principle demonstrations hints that commercialization isn't too far beyond the horizon.

One of these areas is quantum key distribution between places that aren't in close proximity. Quantum keys hold the promise of creating a unique, disposable key on demand in such a way that any attempts to eavesdrop will quickly become obvious. We know how to do this over relatively short distances using fiber optic cables, so the basic technique is well-established. Throughout the past couple of years, researchers have been getting rid of the cables: first by sending quantum information across a lake, then by exchanging it between two islands.

The latter feat involved a distance of 144km, which is getting closer to the sorts of altitudes occupied by satellites. But exchanging keys with satellites would seem to add a significant challenge—they move. Over the weekend, Nature Photonics published a paper that indicates we shouldn't necessarily view that as an obstacle. The paper describes a team of German researchers who managed to obtain quantum keys transmitted from a moving aircraft.

The aircraft in question was a Dornier 228 turboprop in which the authors set up a shock-protected optical bench to generate the photons they needed for the experiment. Those were sent via a fiber optic cable to a transmitter on the underside of the aircraft. This included tracking equipment that allowed it to keep the transmissions pointed at a specific ground station.

That ground station was a 40cm telescope operated by the German Aerospace Center. It was kept pointed at the aircraft by using GPS coordinates transmitted by the aircraft over classical communications channels. Once it had a fix, a beacon laser was used to illuminate the aircraft, confirming that a directional link had been established. At that point, the plane's hardware could start transmitting bits using the polarization of photons.

Since this was a proof of principle, the authors simply rotated through four potential polarizations in order to ensure that they could tell when the ground station was picking up the appropriate bit. One of the big problems was noise. Each second, the ground station's detectors were picking up background noise at a rate of about 1,000 events per second, while the aircraft was only transmitting 800 bits per second (so there was a lot of noise to filter out). Some of this was actually from the aircraft's blinking anticollision light, which the detector picked up nicely.

By filtering out the noise (and discarding anything from when the anticollision light flashed), the authors were able to achieve a rate of about 145 bits a second. Adding the extra information needed to detect eavesdropping would drop that to eight bits a second. That would be a horrific rate for transmitting data, but remember, these are just the bits of a key. Once the key is established, encrypted communications can take place on much faster channels. If they were willing to gather keys for a while, they could get as many as 80 kilobits in a single passage of the plane.

In the end, the authors say that the hard part was developing the pointing system and developing a system that could account for the rotation of the hardware as it tracked, which can otherwise skew the measurements. But with those developed, it seems that exchanging keys with a free-moving object is relatively straightforward. We may not be ready to put this in orbit yet, but it certainly seems like we're getting very close to being ready to try.

I don't see why the 8 bits per second isn't horrific. :-) Communications using the established key can indeed take place over faster channels, but since the communications are only provably secure if you're using the key as a one time pad, the total average data rate will never exceed 8 bits per second (assuming that the key can be accumulated 24/7).

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

Quantum Encryption doesn't change anything (for most things). You could set up dedicated links between you and every other party you wished to communicate on the Internet today, laying your own fiber, using RF, or some other medium. That would 'eliminate' the ISPs, and be even faster!

Quantum Encryption isn't magic, it's merely a way to exchange some data in a way that you'll know if a third party observed the data... Quantum Encryption won't help against malicious routers (which you'll still need to scale up), it'll only help against people splicing into the physical line itself, and maybe eavesdropping on wifi (being generous). It won't help if someone tricks the router into broadcasting the ethernet frames to everyone on the network, nor will it help if someone hijacks (or malicious already operates) the router and copies the data that passes through it (which has to be read by the router to... you know... route it).

Just as with wireless packet networks, immediately the layman is looking to shave a minor expense, with no appreciation for the risks, practicalities, advantages, disadvantages, timelines and economics.

The hard part was the mechanical tracking mechanism??? That doesn't seem right...

My thoughts as well. Those are solved problems, so it looks like maybe the reinvented the wheel on the pointing and tracking mechanics. Not saying they are not hard problems, but they are hard solved problems if you know who to talk to.

Communications using the established key can indeed take place over faster channels, but since the communications are only provably secure if you're using the key as a one time pad, the total average data rate will never exceed 8 bits per second (assuming that the key can be accumulated 24/7).

I think you're confused. While it's true the only perfectly secure method OTP, in practice symmetric encryption also appears to be entirely secure. Even if someone had a fully functional quantum computer of significant capacity, there is no known way to achieve greater then quadratic speedup (Grover's) against symmetric encryption, which in turn can be countered simply by doubling key size. Shor's algorithm only applies to asymmetric systems using factorization, like RSA. Most existing symmetric crypto schemes should remain secure even in the face of widespread quantum computers.

The traditional problem with using that in communications though (rather then to, say, secure your own hard drive) is key distribution. That's what quantum encryption can enable, the secure generation and sharing of symmetric crypto session keys. With that out of the way the rest of the session should be able to proceed as fast as the hardware and channels can handle.

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

Yeah... if ars has explained this before, could we have a link to it? What is quantum encryption, why is it special, why does it require lasers, how can it be used to tell if someone is evesdropping, why does it need such special tracking, and why is this tracking so much more difficult than other fields that require such tracking?

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

While I am familiar with the topic, I do agree that a link to a more general discussion of the topic would have been nice. The two links near the beginning are still follow-ons to the original topic of quantum encryption. I'm pretty sure Ars has a general article on that topic from a while back that could be linked.

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

Maybe they figure you have a vast information network with search engines at your disposal? Just guessing.

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

Maybe they figure you have a vast information network with search engines at your disposal? Just guessing.

Having a vast information network is exactly the problem. When you don't know what something is, how do you know which of the bazillion hits will provide accurate, meaningful, and understandable information? In other words, why should a reader be expected to invest significant time tracking down a source when the author is far better equipped to provide it?

The hard part was the mechanical tracking mechanism??? That doesn't seem right...

My thoughts as well. Those are solved problems, so it looks like maybe the reinvented the wheel on the pointing and tracking mechanics. Not saying they are not hard problems, but they are hard solved problems if you know who to talk to.

The kind of comments like the one above and the one it quotes are absurd. Why?Well, obviously you are suggesting, after spending only a few minutes of reading an article, that these scientists - most likely with years of experience in research (and development of own apparatuses) - might have overlooked something obvious (i.e. to ask someone who knows what he's doing when encountering a problem outside the own area of expertise) that even the average internet commenter (no offense!) is clearly aware of. Absurd, isn't it?

Communications using the established key can indeed take place over faster channels, but since the communications are only provably secure if you're using the key as a one time pad, the total average data rate will never exceed 8 bits per second (assuming that the key can be accumulated 24/7).

I think you're confused. While it's true the only perfectly secure method OTP, in practice symmetric encryption also appears to be entirely secure. Even if someone had a fully functional quantum computer of significant capacity, there is no known way to achieve greater then quadratic speedup (Grover's) against symmetric encryption, which in turn can be countered simply by doubling key size. Shor's algorithm only applies to asymmetric systems using factorization, like RSA. Most existing symmetric crypto schemes should remain secure even in the face of widespread quantum computers.

If the benefit of this key exchange system is that you know if someone has listened in or tampered with it, doesn't that introduce a simple DoS attack?

Someone can DoS you just by listening to the communication.

Doesn't robust security mean that you assume that your adversary can listen in on the communication? This seems reminiscent of some 802.11 encryption failures.

If you can listen in, you're already in position to perform a DoS attack, and it's actually easier to DoS... you simply just don't retransmit the message.

Rb87 wrote:

xoa wrote:

Rb87 wrote:

Communications using the established key can indeed take place over faster channels, but since the communications are only provably secure if you're using the key as a one time pad, the total average data rate will never exceed 8 bits per second (assuming that the key can be accumulated 24/7).

I think you're confused. While it's true the only perfectly secure method OTP, in practice symmetric encryption also appears to be entirely secure. Even if someone had a fully functional quantum computer of significant capacity, there is no known way to achieve greater then quadratic speedup (Grover's) against symmetric encryption, which in turn can be countered simply by doubling key size. Shor's algorithm only applies to asymmetric systems using factorization, like RSA. Most existing symmetric crypto schemes should remain secure even in the face of widespread quantum computers.

While it's true the only perfectly secure method OTP, in practice symmetric encryption also appears to be entirely secure. Even if someone had a fully functional quantum computer of significant capacity, there is no known way to achieve greater then quadratic speedup (Grover's) against symmetric encryption, which in turn can be countered simply by doubling key size.

Your post is a good one, but it's worth mentioning that Grover's algorithm limits the upper bounds of security against quantum computers. The lower bounds remain undefined. Classical cryptanalytic techniques continue to progress, and quantum computing is still a new field, and the union of the two might yet find some low-hanging fruit waiting to be plucked.

(Un)Fortunately, quantum computing seems to be progressing slowly. For now, at least.

I don't see why the 8 bits per second isn't horrific. :-) Communications using the established key can indeed take place over faster channels, but since the communications are only provably secure if you're using the key as a one time pad, the total average data rate will never exceed 8 bits per second (assuming that the key can be accumulated 24/7).

The industry is generally happy with the strength of using a one-time use key as the seed for a random number generator of some kind.

Also, just because you download the key right now doesn't mean you have to use it right away. Even at 8 bits per second, if you do it all day long you could achieve occasional bursts critical data at gigabit speeds.

This is definitely useful technology, and will only get better.

And lets not forget there is really no alternative to this style of key transfer. The closest we have is to get someone to carry an explosively charged briefcase to the destination. Perhaps the thing has a timer that will blow up after X hours no matter what happens, and only the destination has the means to disarm it. Not particularly convenient either.

So if I write an article titled "Zarousky cakes cook better underground" I can explain everything about this fact without ever remotely mentioning what the heck is a Zarousky cake because all my readers are assumed to know that already???

Maybe they figure you have a vast information network with search engines at your disposal? Just guessing.

Having a vast information network is exactly the problem. When you don't know what something is, how do you know which of the bazillion hits will provide accurate, meaningful, and understandable information? In other words, why should a reader be expected to invest significant time tracking down a source when the author is far better equipped to provide it?

I typed in quantum encryption in wikipedia and had a general description in less time than it took me to type this sentence. (about 15 seconds)

When I first started reading Ars I had moments of frustration at the lack explanation of background material (occasionally) but more frequently with tech acronyms. Wikipedia soon became my friend (though sometimes parsing acronyms can still be a pain).

Although, I haven't read up that much on quantum computing/encryption so maybe I'm not understanding something here.

Quantum Encryption is completely unrelated to Quantum Computing, except for the word 'quantum'. Quantum Encryption is also not encryption, it's mostly just a method that can be used to detect an eavesdropper. Since lasers are using, the only way to 'observe' the stream of data is to capture the photons... which means you're capable of completely blocking the signal (usually it's done with a fiber optic line, what's notable about this is the laser is being shot through the air instead). Only photons that travel between the two parties without ever being measured will be considered 'valid'.

Quantum Encryption relies on some pretty complicated (although simple at a high enough level) stuff. Basically, all it does, is tell you if a third-party had observed a bit of data you received.

Doesn't robust security mean that you assume that your adversary can listen in on the communication? This seems reminiscent of some 802.11 encryption failures.

If you can listen in, you're already in position to perform a DoS attack, and it's actually easier to DoS... you simply just don't retransmit the message.

Not when the transmit media is the air/atmosphere, as is the case in this article.

Over other media it would depend on the network topology. The reason we have encryption in the first place is to keep data private from people who are able to intercept it.

If no one can intercept it then there is no reason to encrypt it, so encryption implies that it can be intercepted.

This seems to be a different approach, instead of saying we are going to encrypt private data over an untrusted medium it is saying we will not allow communication over an untrusted medium.

Although, I haven't read up that much on quantum computing/encryption so maybe I'm not understanding something here.

You're not understanding something.

This is quantum physics so I'm not entirely comfortable myself... but my understanding is that it is impossible, according to the laws of physics, for the particles to be inspected without changing them.

So, when the intended recipient inspects the data, they will know that nobody else has done so.

You can DDOS the whole thing by simply looking at the particles. But the recipient will know you did it. This isn't about transferring secret data, this is about transferring data that you want to know *for sure* that nobody but the two endpoints has ever seen.

Usually it'd just be random useless data, which can be used to encrypt something else via traditional means (transmitting a one time pad would be a good use case, it is impossible to crack but rarely used because you need something like this to setup the encryption beforehand).

But exchanging keys with satellites would seem to add a significant challenge—they move.

While LEO (Low Earth Orbit) and MEO (Medium Earth Orbit) do traverse the visible sky at various speeds; I wonder if there are applications for GSO (Geo Stationary Orbit) Satellites. These GSO satellites appear stationary in orbit and should be capable of pointing a beam at an earth station with enough accuracy to transmit this data. Or a web of satellites in LEO could work in concert to produce the same (albeit very expensive) results.

This is quantum physics so I'm not entirely comfortable myself... but my understanding is that it is impossible, according to the laws of physics, for the particles to be inspected without changing them.

So, when the intended recipient inspects the data, they will know that nobody else has done so.

You can DDOS the whole thing by simply looking at the particles. But the recipient will know you did it. This isn't about transferring secret data, this is about transferring data that you want to know *for sure* that nobody but the two endpoints has ever seen.

Usually it'd just be random useless data, which can be used to encrypt something else via traditional means (transmitting a one time pad would be a good use case, it is impossible to crack but rarely used because you need something like this to setup the encryption beforehand).

At this point you don't really need to understand the quantum physics piece of it - and your description is very good. The point behind this technology is the ultimate in security - which is the ability to absolutely know if your message is safe to send. If the keys make it without being intercepted, then you are clear. If they are disturbed, then you KNOW someone tried to witness the keys and you must make another attempt.

"In the end, the authors say that the hard part was developing the pointing system and developing a system that could account for the rotation of the hardware as it tracked, which can otherwise skew the measurements."